
AWS SFTP with Okta

0

I know OKTA can be used as an auth provider with AWS SFTP, but can OKTA handle the logical directory mapping so users don't have to see the entire S3 path?

asked a year ago · 98 views
2 Answers
0

Hello cloudminion,

Thank you for reaching out to us.

As you already know, Okta can be used as an auth provider, which means that from the Lambda function you can make an API call and check whether the user is authenticated or not. After the user is authenticated, you can build logic in the Lambda function to return the HomeDirectoryMappings. If you are going to use a single mapping to restrict each user to his home directory, then you can return a single Entry/Target pair and set the target to "/mybucket/${Transfer:UserName}". By doing so, each user who is authenticated will be restricted to his home folder, as the variable "Transfer:UserName" will be replaced with the username. If the mapping is more complex or different for each user, you can also use e.g. DynamoDB to store the mapping for the user, do a query with the username and return the mapping back.

You may also use custom attributes on your users in Okta and configure the mapping on each user, however, you may need to do multiple API calls from the Lambda (one to authenticate the user and one to get the custom attributes) and you also need to modify the users in Okta which might not be convenient for you.
-- https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-add-custom-user-attributes.htm

Lastly, I would recommend using one of the CloudFormation templates we have which integrates with Secrets Manager, so you can easily configure your users and the mapping for each user in Secrets Manager. We have a blog with all the steps on how to run the template and configure your users in Secrets Manager.
-- https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-family-using-aws-secrets-manager-updated/

Please let me know if you have any questions.

Regards,
Panagiotis

answered a year ago
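The custom identity provider Lambda described in the answer above, as an added example that is not part of the original post or of any AWS template: it authenticates the caller through an injectable check (an Okta `/api/v1/authn` call is sketched as the default, and is an assumption about that API), then returns a LOGICAL home directory whose root maps onto `/mybucket/${Transfer:UserName}`, plus any extra per-user entries from a constructed in-memory table standing in for DynamoDB. The bucket name, role ARN and Okta domain are placeholders.

```python
import json
import os
import urllib.request
from typing import Callable, Dict, List, Optional

# Placeholders: replace with your own bucket, Transfer Family user role and Okta org.
BUCKET = "mybucket"
TRANSFER_ROLE_ARN = "arn:aws:iam::123456789012:role/transfer-user-role"
OKTA_DOMAIN = os.environ.get("OKTA_DOMAIN", "example.okta.com")

# Constructed per-user extras; a DynamoDB table keyed by username would sit here in practice.
# Users absent from this table get only the default mapping onto their own folder.
EXTRA_MAPPINGS: Dict[str, List[Dict[str, str]]] = {
    "alice": [{"Entry": "/shared", "Target": f"/{BUCKET}/shared"}],
}


def okta_authenticate(username: str, password: str) -> bool:
    """Assumed Okta primary-authentication call: POST /api/v1/authn, success when status == SUCCESS."""
    body = json.dumps({"username": username, "password": password}).encode()
    req = urllib.request.Request(f"https://{OKTA_DOMAIN}/api/v1/authn", data=body,
                                 headers={"Content-Type": "application/json", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.load(resp).get("status") == "SUCCESS"
    except (urllib.error.URLError, ValueError):
        return False  # network or parse failure is a deny, never an allow


def mappings_for(username: str) -> List[Dict[str, str]]:
    """Logical directory mappings: "/" is chrooted to the user's folder, so the S3 path is never shown.
    Transfer Family substitutes ${Transfer:UserName} itself, so the username is not spliced into the path here."""
    mappings = [{"Entry": "/", "Target": f"/{BUCKET}/${{Transfer:UserName}}"}]
    mappings.extend(EXTRA_MAPPINGS.get(username, []))
    return mappings


def lambda_handler(event: dict, context: object,
                   authenticate: Callable[[str, str], bool] = okta_authenticate) -> dict:
    """Transfer Family custom identity provider handler. An empty dict denies the login.
    Password logins only; key-based SFTP logins (no password in the event) are not handled in this example."""
    username = event.get("username", "")
    password = event.get("password", "")
    if not username or not password or not authenticate(username, password):
        return {}
    return {
        "Role": TRANSFER_ROLE_ARN,
        "HomeDirectoryType": "LOGICAL",
        "HomeDirectoryDetails": json.dumps(mappings_for(username)),  # must be a JSON string, not a list
    }
```

The Role still governs what the user can do in S3; the logical mapping only controls what they see, so scope that role (or add a session Policy) to the same prefix.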
0

Thanks for the answer, that does help with our problem statement. Do you have a CFN template for SFTP deployment with Okta and user mappings?

answered a year ago
